HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking.

HTTP Strict Transport Security allows web Websites to declare that web browsers or other complying user-agents should only interact with it using secure connections (HTTPS), and never via the insecure HTTP protocol.

RFC 6797#

HTTP Strict Transport Security is an IETF standards track protocol and is specified in RFC 6797.

HTTP Strict Transport Security defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user-agent(s) to interact with given sites only over secure connections. This overall policy is referred to as HTTP Strict Transport Security (HSTS). The policy is declared by websites via the Strict-Transport-Security HTTP HTTP Response HTTP Header Field and/or by other means, such as user-agent configuration, for example.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-8) was last changed on 07-Jun-2017 11:41 by jim